On Friday, June 20, 2003, at 12:00AM, Ka K. Lor wrote:
I doing a project on Ethereal and trying to write a manuel for it using my
understanding....
I download winpcap 3.0 and ethereeal to install on my window xp. After
install it, if click on capture....it will pretend like it will capture
something..but nothing will be capture...I don't know how to define the
filter or initial filter to start with...
Try starting with *nothing* as the filter - leave the "Filter:" field blank. If it doesn't capture any packets, adding a filter won't help - a filter only *reduces* the number of packets captured (it "filters out" some packets and discards them), it can't cause *more* packets to be seen than would be seen with no filter (which means "don't filter out *any* packets). If you're not seeing any packets, see
http://www.ethereal.com/faq.html#q5.1
I need help with filter, after reading the given manuel, I still don't understand how to define filter under ethereal on window platform...
You define it the same way you define it on UNIX. See the tcpdump/WinDump man page for the platform on which you're running Ethereal; for WinPcap 3.0, for example, see
http://windump.polito.it/docs/manual.htm
Look for the section that begins with
expression
selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is `true' will be dumped.
